fix(portal): onboarding/login links last 7 days, not 60 min
The rescue onboarding emails hardcoded a 60-minute expiry -- way too short for a paid customer who hasn't engaged yet (they may not check email for hours/days), so Paul's and Mitchell's links expired before they used them. Onboarding links now last 7 days (ONBOARDING_TTL_MINUTES); the standard security password-RESET window bumped 30min -> 2h. Re-issued fresh 7-day links to all 3 affected customers (none had set a password yet) via reissue-onboarding-links.mjs, cc'd.
This commit is contained in:
justin
parent
a6d2f10149
commit
e87715aee7
5 changed files with 75 additions and 10 deletions
|
|
@ -16,7 +16,13 @@ import nodemailer from "nodemailer";
|
|||
import { pool } from "../db.js";
|
||||
|
||||
const SITE_URL = process.env.SITE_URL || "https://performancewest.net";
|
||||
const RESET_TTL_MINUTES = 30;
|
||||
// Password-RESET window for an existing account (security-sensitive): 2 hours.
|
||||
const RESET_TTL_MINUTES = 120;
|
||||
// Onboarding / first-password window for a NEW customer who hasn't engaged yet
|
||||
// (e.g. set-password invites): 7 days, so the link doesn't expire before they
|
||||
// get to it. These customers paid and just need to get in; a short window
|
||||
// strands them.
|
||||
export const ONBOARDING_TTL_MINUTES = 7 * 24 * 60;
|
||||
|
||||
async function sendEmail(opts: { to: string; subject: string; html: string; text: string }) {
|
||||
const t = nodemailer.createTransport({
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue